RELEASE NOTES FOR MOBILE PROTECTION CONSOLE
Please choose from the release notes listed below:
- Mobile Console Release - April 7, 2015
- Mobile Console Release - March 25, 2015
- Mobile Console Release - February 2, 2015
- Mobile Console Release - October 7, 2014
- Mobile Console Release - July 30, 2014
- Mobile Console Release - February 4, 2014
- Mobile Console Release - November 18, 2013
Mobile Console Release - April 7, 2015
| Updates |
|
Mobile Console Release - March 25, 2015
| Fixes |
|
Mobile Console Release - February 2, 2015
| Fixes |
|
Mobile Console Release - October 7, 2014
NEW Feature - Device Apps Tab
Mobile Protection now allows Admins to see which apps are installed on all mobile devices under management. In addition, the reputation of the installed applications is shown.
Increased visibility into the devices under management allows Admins to see risky apps and alert users of issues on their device. Additionally, users can be asked to remove applications which don’t comply with company policy.
At this time the details provided on the Device Apps tab is strictly informational. In a future release, OpenText™ Core Endpoint Protection will include enhanced Policy Management around allowed applications.
The new Mobile Admin Console will look like the image below:
Details within Device Apps Tab
Applications will be listed by their Name, Identifier, Version, Category, and Reputation. Admins can manually update the device’s listed apps by clicking on the ‘Request App Listing’ button. This will send a request to that device to report all installed applications.
Note: iOS devices will only report user installed applications, not any preinstalled Apple applications.
New Reports
Three new reports are available within the Reports tab.
The App Rep Distribution report, shown below, illustrates the breakdown of all apps reported within the organization.
The App Reputation Definitions
- Malicious: the application was detected as a threat (i.e. Trojan, Rootkit, etc.) by OpenText™ Core Endpoint Protection definitions.
-
Unwanted: the application is detected as a Potentially Unwanted Application. A PUA is not malware but has unwanted characteristics which may include: aggressive ads and popups, intrusive privacy policies, marketing to contacts, etc.
-
Suspicious: the application has not triggered any definitions but has received machine classifiers in the malicious and unwanted range.
-
Moderate: the application does not appear to be suspicious, but contains dangerous permissions (i.e. Send, SMS, Call Phone, etc.).
-
Benign: the application is non-whitelisted, contains no dangerous permissions and has received favorable scores from machine classifiers.
-
Trustworthy: the application appears in our whitelist and is safe to use.
-
Moderate**: this value is returned in a special case when reputation is computed based on package name (i.e. no md5 information is available) and means that both malicious and whitelisted application have been found with the same package name.
Mobile Console Release - July 30, 2014
What’s NEW? iOS App!
The new OpenText™ Core Endpoint Protection - Mobile Protection now includes an iOS App to provide essential security for iPhones and iPads. The app includes lost device protection that allows administrators to remotely locate the device, make the device scream, and lock or wipe the device if it’s misplaced or stolen. The OpenText™ Core Endpoint Protection mobile device security console provides central management and inventory controls to IT professionals securing their mobile workforce.
IMPORTANT NOTE: Please clear your browser cache before using the new 1.3 web management console. This release will also require that users' device software is updated.
NEW Features – Admin will have ability to perform locate and scream from OpenText™ Core Endpoint Protection portal.
What needs to be done if I’m an existing customer and have iOS devices enrolled?
- Users must install OpenText™ Core Endpoint Protection - Mobile Protection iOS app from iTunes store
-
Login to Mobile Protection portal
-
Navigate to ‘Devices’ tab
-
Sort devices by ‘Operating System’
-
Highlight all ‘iOS’ devices, and select ‘Resend Enrollment Invite’
- An email will be sent to all users selected with instructions on how to install the app from iTunes
-
What needs to be done for enrolling new iOS devices?
- Follow same procedures as before. The invitation email or SMS sent to user will include updated installation instructions.
-
Below are screenshots of the application once successfully installed.
-
Apple MDM Certificate Management
What do I need to do to renew my iOS certificate within OpenText™ Core Endpoint Protection portal?
Within the OpenText™ Core Endpoint Protection portal, your Apple MDM certificate requires renewal annually. Your certificate details can be viewed by clicking on your user name within portal (top right), and selecting ‘Mobile Protection Settings’. You should also receive an email from Apple 30 days prior to expiration on whatever account used to create the certificate https://identity.apple.com/pushcert/.
The screenshot below describes the steps to renew the certificate.
Note » If your Apple certificate expires, all devices will need to be re-enrolled, as there is no way to renew an expired certificate.
Please ensure you ‘Renew’ your certificate within Apple’s website - https://identity.apple.com/pushcert/
*Revoking or allowing this certificate to expire will require existing devices to be re-enrolled with a new push certificate.
Alerts in portal
What do they mean and how to resolve them?
| Portal Alert | What causes it? | How to fix it |
|---|---|---|
| %d threat(s) found on your device | Android – if malware is found during scan. | Remove or quarantine application. |
| *Install Shield disabled | Android – Install Shield setting on device is turned off. | Work with user to enable this setting within app. |
| *Execution Shield disabled | Android – Execution Shield setting on device is turned off. | Work with user to enable this setting within app. |
| *File System Shield disabled | Android – File System Shield setting on device is turned off. | Work with user to enable this setting within app. |
| Current scan out of date | Android – Last scan is more than a week old. | Ensure device has internet connectivity. Scans are on a scheduler, but can be manually triggered from device. |
| Current definitions out of date | Android – Local definition file is more than a week old. | Ensure device has internet connectivity. Definition downloads are on a scheduler, but can be manually triggered from device. |
| *Scheduled scans disabled | Android – Scheduled scan setting on device is turned off. | Work with user to enable this setting within app. |
| *Automatic definitions updates disabled | Android – Automatic definition update setting on device is turned off. | Work with user to enable this setting within app. |
| *Secure Browsing disabled | Android – Secure Web Browsing setting on device is turned off. | Work with user to enable this setting within app. |
| *Lost Device Protection disabled | Android – Lost Device setting on device is turned off. | Work with user to enable this setting within app. |
| Insecure option enabled: Unknown sources | Android – Unknown sources is enabled in Android security settings. | Work with user to enable this setting within OS. |
| Insecure option enabled: USB debugging | Android – USB debugging is enabled in Android security settings. | Work with user to enable this setting within OS. |
| *Unknown Source Shield disabled | Android – Unknown Source setting on device is turned off. | Work with user to enable this setting within app. |
| *USB Debugging Shield disabled | Android – USB Debugging setting on device is turned off. | Work with user to enable this setting within app. |
| Passcode is not set on device | iOS Passcode not set on device. | iOS - User must set passcode on device which adheres to policy requirements. |
| Device authorization requirements not met | Android – Device screen lock authorization does not meet minimum policy setting. | User must set password on device which adheres to policy requirements. |
| Device idle timeout before screen lock requirements are not met | Android – Screen Lock timeout value on device does not meet minimum policy setting. | User must set screen lock timeout on device which adheres to policy requirements. |
| The user did not grant Device Administration to the client application | Android – Device Administration is turned off for OpenText™ Core Endpoint Protection application in Android security settings. | User must enable Device Administrator privileges for OpenText™ Core Endpoint Protection app within OS Security settings. |
| The device has not responded to communication requests | Device has not responded to server commands for over a period of x days. | Ensure device has internet connectivity. |
| The device has push notifications disabled | iOS app requires push notifications to be enabled. | User must allow push notifications for OpenText™ Core Endpoint Protection app. |
| The device has locations services disabled | iOS app requires location services to be enabled. | User must enable location services for OpenText™ Core Endpoint Protection app. |
| User removed MDM profile from the device | iOS app recognized user removed MDM profile from device. | User must re-enroll by going to OpenText™ Core Endpoint Protection app and following onscreen directions. |
| OpenText™ Core Endpoint Protection iOS agent is not running | iOS app is not running on device. | Work with user to make sure OpenText™ Core Endpoint Protection app is running in background on device. |
| User removed OpenText™ Core Endpoint Protection iOS agent | iOS app was uninstalled by user on device or application was never installed. | Send re-enrollment instructions to user from portal to re-install OpenText™ Core Endpoint Protection app. |
Note » * next to setting indicates alerts you will see with Android clients running 3.3.0.5561 or older. Newer versions of client are policy driven, and user cannot change setting on device. Please ensure users are running latest version of both Android application and iOS application posted within Google Play and Apple iTunes stores respectively.
OpenText™ Core Endpoint Protection Mobile Protection 1.3
| Features | Android™ | iOS® | Comments |
|---|---|---|---|
| Management >> | |||
| Cloud-based central management console |
 |
|
High visibility of all mobile endpoints |
| Instant mobile device status dashboard |
|
|
Shows any device needing attention |
| Remote management |
|
|
Management from any browser, anywhere |
| Scheduling alerting |
|
|
Automated deployment and maintenance easy |
| Over-the-air deployment and updating |
|
|
Making deployment and maintenance easy |
| Out of policy alerting |
|
|
Automatic alerting if a device goes out of policy |
| User group management by iOS--Android and Google |
|
|
Separate policies for Android and iOS, and also manageable by group |
| Policy at group or individual device level |
|
|
Ability to set flexible user level device policies |
| Policy >> Antivirus Shields | |||
| Install Shield |
|
 |
Block threats from installing |
| File system shield |
|
|
Alerts if memory card has threats |
| Execution shield |
|
|
Alert if threat tries to install or run on device |
| Unknown source sheild |
|
|
Warns if allowing "unknown sources" is enabled for app downloads |
| USB debugging shield |
|
|
Warns if USB de-bugging setting is enabled |
| Policy >> Antivirus Schedule | |||
| Automatic scan frequency |
|
|
How often device is automatically scanned |
| Automatic threat definition update frequency |
|
|
How often threat definition updates are checked |
| Policy >> Lost Device Protection | |||
| Lock device |
|
|
Locks device needing password to open |
| Unlock device |
|
|
Remotely unlock device - see Clear pass code for iOS functionality |
| Clear pass code |
|
|
Clear pass code and require a new of if forgotten |
| NEW for iOS - Locate device |
|
|
Provides device location on a map |
| NEW for iOS - Make device scream |
|
|
Makes device emit a screaming noise to aid in locating it |
| Wipe the device |
|
|
Wipes device by restoring to factory settings |
| SIM card lock |
|
|
Locks the device if the SIM card is removed/exchanged |
| Policy >> SMS & Web | |||
| SMS blocking |
|
|
Blocks malicious SMS messages |
| SecureWeb browsing for Chrome |
|
|
Blocks malicious traffic when using Google Chrome browser |
| SecureWeb web browser |
|
|
Separate browser - blocks malicious websites |
| Policy >> Device Lock | |||
| Require a pass code |
|
|
Check if ON, and alert if OFF |
| Minimum pass code length |
|
|
Minimum number of characters allowed in a pass code |
| Idle time before device lock |
|
|
Set time for device to lock automatically if it's unused |
| Minimum pass code strength |
|
|
Set whether alphabetic, PIN, or pattern pass code is used |
| Allow a simple pass code |
|
|
Repeating, ascending, or descending sequences like 1, 2, 3, 4 |
| Require at least one letter |
|
|
Pass code condition policy rule |
| Minimum number of non-alphanumeric characters |
|
|
Pass code condition policy rule |
| Require pass code change every __ number of days |
|
|
Pass code condition policy rule |
| Prevent pass code re-use for __ number of days |
|
|
Pass code condition policy rule |
| After locking require pass code when? |
|
|
Off; Immediately; 1, 5, or 15 minutes; 1 or 4 hours |
| Policy >> Device Communications | |||
| Email accounts |
|
|
Set up what email accounts are allowed to connect to device |
| Wi-Fi connections |
|
|
Set up what Wi-Fi connections are allowed to connect to device |
| VPN connections |
|
|
What VPN routings are allowed |
| Exchange ActiveSync |
|
|
What sync settings with Microsoft Exchange email servers |
| Security & Performance >> | |||
| Faster scans and access to real-time threat data |
|
|
Direct connection to Webroot® Intelligence Network |
| Reduce CPU, bandwidth, memory, and battery consumption |
|
|
Greatly lower device system resource usage |
| Application inspector |
|
|
Categorizes apps for policy control |
| Automatic updating |
|
|
Updates definitions automatically, app updates administer control |
| Battery monitor |
|
|
Battery usage by app 24 hour staus |
| Network monitor |
|
|
Network access by apps |
| Notes >> | |||
| The Android and Apple iOS operating systems are very different--what makes sense in one OS doesn’t make sense in the other. A good example of that is AV scanning. It’s practical on an Android as you can write to the security APIs but on the Apple iOS you have to “jailbreak” (take out the administration and security controls) on the device to run an AV. The goal of OpenText™ Core Endpoint Protection is to have as close replication as possible between functions. This table is a quick overview highlighting how OpenText™ Core Endpoint Protection performs on each operating system. | |||
Mobile Console Release - February 4, 2014
| Updates |
|
| Fixes |
|
Mobile Console Release - November 18, 2013
What’s NEW!
With this 1.1 release, OpenText™ Core Endpoint Protection Mobile Protection introduces the concept of User Group Management and Device Policy Enforcement.
IMPORTANT NOTE: Please clear your browser’s cache before using the new 1.1 web management console. This release also requires that user’s device software is updated.
- NEW – Policies – Administrators now have the ability to create policies for both Android and iOS devices. For the Android operating system, settings available are for AV Shields (install, execution, files system, unknown sources, and USB debugging), AV Schedule, LDP, SMS Blocking, SecureWeb Browsing, and Password/Lock Screen strength. For the iOS operating system, settings are available for Passcode, Wi-Fi, VPN, Exchange ActiveSync, and Mail.
- NEW – User Groups – Administrators can now create User Groups to organize their end users. Groups have a default Android and iOS policy assigned to them. All users within a group will get those policies assigned to their respective devices.
- NEW – Device level policy override – From the devices tab, an Administrator can now override a policy assigned to a particular device within a group. The console shows which devices fall under the “default” assigned policy for a user/group and which devices have a unique policy set.
- NEW – Policies
At the time of release, all existing mobile protection users will be moved into a group called “Default Group.” The devices in this group have a “default” policy assigned according to whether they are iOS or Android devices.
New custom policies can easily be created, as necessary, for each OS platform and assigned to a group or individual device.
New Device Policy Groups
Below are the default settings which are applied for Android and iOS.
ANDROID:
iOS:
New Default Policy Settings
- NEW – User Groups
Administrators now have the ability to manage and place your users within a specific group. At the time of release, all existing users will be moved to into the “Default Group.”
New groups can be manually created and assigned users by dragging and dropping the users into the group. This allows an Administrator to create policies specific to a user group and then assign the policy to all users within that group. When the default policy for a group is created or changed, all user devices within that group update automatically.
New Drag and Drop Policy Groups
- NEW – Device Level Policy Override
As an Administrator, you are now able to override the group policy at the device level if a device requires a special policy. Go to the “Device Attributes” tab after double-clicking on a device to see more details. There, you have the option to change the policy for the device, which is applied automatically.
Mandatory Device Updates:
Android Devices
For Android users there is a new version of the OpenText™ Core Endpoint Protection – Mobile Protection software available on the Google Play Store. Please update your users from the current version (3.3.0.5571) to the latest version (3.5.0.6045).
With this update all policy driven settings are placed in read-only mode on the device. This ensures end-users are not able to change any policy settings deemed important by an Administrator.
The scan engine has also been updated and now utilizes OpenText™ Core Endpoint Protection’s cloud security intelligence, the Webroot Intelligence Network™ service, to perform faster scans and increase application efficacy. It also reduces CPU, bandwidth, and memory utilization, which equates to far less battery consumption.
New Locked-Down Policies
Apple iOS Devices
With this release we have added a great deal of new policy-driven options for iOS devices. As an Administrator, you are now able to configure Passcode, Wi-Fi, VPN, Mail, and MS Exchange ActiveSync settings for your users. At the time of release, all iOS enrollments are assigned the default iOS policy, which is pushed down to their devices automatically. Please note the Default Settings as per the table under Section 1 – NEW – Policies.
If for any reason you would like to turn the passcode policy off or change the screen lock timeout to be greater than one minute, the user will have to re-enroll their profile.
NOTE: this is only for existing users that were enrolled prior to the upgrade. The reason for this is the passcode strength and screen lock timeout were originally part of the old enrollment profile and cannot be changed directly from the console.
Thanks for your feedback!
Powered by NOHOLD Inc. U.S. Patent No. 10,659,398
All Contents Copyright© 2026